Sr. Red Team Engineer / Hybrid / Scottsdale

Hybrid opportunity in Scottsdale, AZ with a major U.S. financial technology company that powers and protects critical payments infrastructure used by hundreds of millions of consumers and small businesses. Tech stack includes Python, PowerShell, Go, AWS/Azure cloud environments, the MITRE ATT&CK framework, and modern adversary emulation toolsets (Cobalt Strike, CALDERA, Atomic Red Team, and similar). This is a full-time, direct-hire Senior Red Team Engineer role on the Offensive Security team.

This is not a checkbox pen testing role. You'll be doing real adversary emulation against one of the highest-value target environments in the country — payments infrastructure relied on by millions every day. Financially-motivated APTs aren't a hypothetical here; they're the actual threat model. You'll run red team campaigns, partner with the blue team on purple team exercises, build your own tooling, and prove real-world blast radius on findings that matter. They're looking for an operator who thinks like a threat actor, can pivot from a single vulnerability to org-wide impact, and wants to grow technically without being pushed into management. You'll report directly to the Director of Offensive Security, work alongside a sharp and well-resourced team, and have real influence over how the organization defends itself. Strong work-life balance with flexible PTO, 12 weeks of paid parental leave, and a 100% safe harbor 401(k) match on the first 6% — plus a culture that genuinely supports learning, conference attendance, and certification growth.

Required Skills & Experience

- 6+ years of information security experience, with at least 2 years in offensive security roles

- Hands-on experience running red team campaigns and adversary emulation exercises

- Strong working knowledge of tools and techniques for network, cloud, and web-based campaigns, plus the ability to develop and execute new exploits at scale

- Solid grasp of threat modeling, cloud security, cryptography, authentication & authorization, and defensive detection techniques (including offensive evasion)

- Proficiency writing and maintaining scripts in PowerShell, Python, and Go

- Strong written and verbal communication; able to brief both technical and non-technical audiences

- Bachelor's degree in a relevant field or equivalent practical experience

Desired Skills & Experience

- Hands-on experience with adversary emulation frameworks and C2 platforms (Cobalt Strike, Mythic, Sliver, CALDERA, Atomic Red Team, etc.)

- Deep understanding of MITRE ATT&CK, MITRE CAPEC, and the Cyber Kill Chain

- Mobile application testing and vulnerability research experience

- Practical offensive security certifications: OSCP, OSEP, ePTX, GPEN, HTB CPTS, or equivalent

- Cloud certifications: AWS SAA/SAP, AWS Security Specialty, or equivalent

- Experience moving from a single vulnerability to identifying organization-wide impact

What You Will Be Doing

Tech Breakdown

- 40% Cloud (AWS / Azure) offensive security

- 30% Network & internal infrastructure red teaming

- 20% Web and application-layer exploitation

- 10% Mobile application testing

Daily Responsibilities

- 70% Hands-on (campaigns, exercises, tooling development, exploit research)

- 20% Team collaboration (purple team work, scoping with internal security partners, IR/CTI support)

- 10% Reporting and stakeholder communication

The Offer

- Base salary: $132,000 – $165,000

- Discretionary incentive / bonus eligible

You will receive the following benefits:

- Medical, Dental, and Vision Insurance (PPO/HDHP options with HSA company contributions)

- Flexible PTO for exempt employees, plus 11 paid company holidays and a paid volunteer day

- 401(k) with 100% safe harbor match on first 6% (immediate eligibility)

- 12 weeks paid parental leave

- Family planning benefits including fertility, adoption, and surrogacy support

- Commuter and dependent care FSA options